Skip to content

Commit 3ec9d7b

Browse files
committed
Updated the role handling to use GroupFeatures.groupman_roles consistently for group management access. Fixes a IRTF RG delegate permissions issue.
- Legacy-Id: 16160
1 parent c0f41f7 commit 3ec9d7b

6 files changed

Lines changed: 15 additions & 13 deletions

File tree

ietf/community/utils.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ def can_manage_community_list(user, clist):
4848
return True
4949

5050
if clist.group.type_id in ['area', 'wg', 'rg', 'ag', 'program', ]:
51-
return Role.objects.filter(name__slug__in=clist.group.features.admin_roles, person__user=user, group=clist.group).exists()
51+
return Role.objects.filter(name__slug__in=clist.group.features.groupman_roles, person__user=user, group=clist.group).exists()
5252

5353
return False
5454

ietf/group/models.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -229,7 +229,7 @@ class GroupFeatures(models.Model):
229229
about_page = models.CharField(max_length=64, blank=False, default="ietf.group.views.group_about" )
230230
default_tab = models.CharField(max_length=64, blank=False, default="ietf.group.views.group_about" )
231231
material_types = jsonfield.JSONField(max_length=64, blank=False, default=["slides"])
232-
admin_roles = jsonfield.JSONField(max_length=64, blank=False, default=["chair"])
232+
admin_roles = jsonfield.JSONField(max_length=64, blank=False, default=["chair"]) # Trac Admin
233233
docman_roles = jsonfield.JSONField(max_length=128, blank=False, default=["ad","chair","delegate","secr"])
234234
groupman_roles = jsonfield.JSONField(max_length=128, blank=False, default=["ad","chair",])
235235
matman_roles = jsonfield.JSONField(max_length=128, blank=False, default=["ad","chair","delegate","secr"])

ietf/group/tests_info.py

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -866,7 +866,7 @@ def test_add_milestone_as_chair(self):
866866
r = self.client.get(url)
867867
self.assertEqual(r.status_code, 200)
868868

869-
milestones_before = GroupMilestone.objects.count()
869+
milestones_before = GroupMilestone.objects.filter(group=group).count()
870870
events_before = group.groupevent_set.count()
871871
due = self.last_day_of_month(datetime.date.today() + datetime.timedelta(days=365))
872872

@@ -881,7 +881,8 @@ def test_add_milestone_as_chair(self):
881881
'action': "save",
882882
})
883883
self.assertEqual(r.status_code, 302)
884-
self.assertEqual(GroupMilestone.objects.count(), milestones_before + 1)
884+
m = GroupMilestone.objects.filter(group=group)
885+
self.assertEqual(m.count(), milestones_before + 1)
885886

886887
m = GroupMilestone.objects.get(desc="Test 3")
887888
self.assertEqual(m.state_id, "review")

ietf/group/utils.py

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,8 @@ def save_milestone_in_history(milestone):
9898
return h
9999

100100
def can_manage_group_type(user, group, type_id=None):
101+
if not user.is_authenticated:
102+
return False
101103
if type_id is None:
102104
type_id = group.type_id
103105
log.assertion("isinstance(type_id, (type(''), type(u'')))")
@@ -117,7 +119,7 @@ def can_manage_group_type(user, group, type_id=None):
117119
def can_manage_group(user, group):
118120
if can_manage_group_type(user, group):
119121
return True
120-
return group.has_role(user, group.features.admin_roles)
122+
return group.has_role(user, group.features.groupman_roles)
121123

122124
def milestone_reviewer_for_group_type(group_type):
123125
if group_type == "rg":
@@ -203,12 +205,11 @@ def construct_group_menu_context(request, group, selected, group_type, others):
203205
# actions
204206
actions = []
205207

206-
is_admin = group.has_role(request.user, group.features.admin_roles)
207-
can_manage = can_manage_group_type(request.user, group)
208+
can_manage = can_manage_group(request.user, group)
208209
can_edit_group = False # we'll set this further down
209210

210211
if group.features.has_milestones:
211-
if group.state_id != "proposed" and (is_admin or can_manage):
212+
if group.state_id != "proposed" and can_manage:
212213
actions.append((u"Edit milestones", urlreverse('ietf.group.milestones.edit_milestones;current', kwargs=kwargs)))
213214

214215
if group.features.has_documents:
@@ -229,11 +230,11 @@ def construct_group_menu_context(request, group, selected, group_type, others):
229230
actions.append((u"Secretary settings", urlreverse(ietf.group.views.change_review_secretary_settings, kwargs=kwargs)))
230231
actions.append((u"Email open assignments summary", urlreverse(ietf.group.views.email_open_review_assignments, kwargs=dict(acronym=group.acronym, group_type=group.type_id))))
231232

232-
if group.state_id != "conclude" and (is_admin or can_manage):
233+
if group.state_id != "conclude" and can_manage:
233234
can_edit_group = True
234235
actions.append((u"Edit group", urlreverse("ietf.group.views.edit", kwargs=dict(kwargs, action="edit"))))
235236

236-
if group.features.customize_workflow and (is_admin or can_manage):
237+
if group.features.customize_workflow and can_manage:
237238
actions.append((u"Customize workflow", urlreverse("ietf.group.views.customize_workflow", kwargs=kwargs)))
238239

239240
if group.state_id in ("active", "dormant") and not group.type_id in ["sdo", "rfcedtyp", "isoc", ] and can_manage:

ietf/group/views.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -899,7 +899,7 @@ def diff(attr, name):
899899
if not group_type and group:
900900
group_type = group.type_id
901901
if not (can_manage_group(request.user, group)
902-
or group.has_role(request.user, group.features.admin_roles)):
902+
or group.has_role(request.user, group.features.groupman_roles)):
903903
return HttpResponseForbidden("You don't have permission to access this view")
904904

905905
if request.method == 'POST':
@@ -1088,7 +1088,7 @@ def customize_workflow(request, group_type=None, acronym=None):
10881088
raise Http404
10891089

10901090
if not (can_manage_group(request.user, group)
1091-
or group.has_role(request.user, group.features.admin_roles)):
1091+
or group.has_role(request.user, group.features.groupman_roles)):
10921092
return HttpResponseForbidden("You don't have permission to access this view")
10931093

10941094
if group_type == "rg":

ietf/review/utils.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -718,7 +718,7 @@ def setup_reviewer_field(field, review_req):
718718
def get_default_filter_re(person):
719719
if type(person) != Person:
720720
person = Person.objects.get(id=person)
721-
groups_to_avoid = [ r.group for r in person.role_set.all() if r.name in r.group.features.admin_roles and r.group.features.acts_like_wg ]
721+
groups_to_avoid = [ r.group for r in person.role_set.all() if r.name in r.group.features.groupman_roles and r.group.features.acts_like_wg ]
722722
if not groups_to_avoid:
723723
return '^draft-%s-.*$' % ( person.last_name().lower(), )
724724
else:

0 commit comments

Comments
 (0)